{"id":17979,"date":"2020-03-18T01:02:08","date_gmt":"2020-03-18T09:02:08","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2020\/03\/18\/news-11712\/"},"modified":"2020-03-18T01:02:08","modified_gmt":"2020-03-18T09:02:08","slug":"news-11712","status":"publish","type":"post","link":"https:\/\/www.palada.net\/index.php\/2020\/03\/18\/news-11712\/","title":{"rendered":"Empower Firstline Workers with Azure AD and YubiKey passwordless authentication"},"content":{"rendered":"<p><strong>Credit to Author: Todd VanderArk| Date: Thu, 12 Mar 2020 16:00:37 +0000<\/strong><\/p>\n<p>At the end of February, Microsoft announced the <a href=\"https:\/\/techcommunity.microsoft.com\/t5\/azure-active-directory-identity\/public-preview-of-azure-ad-support-for-fido2-security-keys-in\/ba-p\/1187929\" target=\"_blank\" rel=\"noopener noreferrer\">FIDO2 passwordless support for hybrid environments<\/a>. The integration of FIDO2-based YubiKeys and Azure Active Directory (Azure AD) is a game changer. It combines the ubiquity of Azure AD, the usability of YubiKey, and the security of both solutions to put us on the path to eliminate passwords in the enterprise. Think about that for a moment. Imagine never being asked to change your password again, no more password spreadsheets or vault apps. No more phishing and password spray! Would it be too much to compare it to the moon landing? Probably. But it\u2019s at least as monumental to security as the introduction of passwords themselves. Now think about how much passwordless authentication will improve everyday work for Firstline Workers. Today I\u2019ll share why usability and user experience are so important and how you can modernize work (and security) while reducing costs for Firstline Workers. I\u2019ll also provide advice on transitioning your hybrid environment to passwordless.<\/p>\n<h3>User experience matters<\/h3>\n<p>Do you want to know why attackers have been so successful? 
Because they\u2019ve paid attention to user experience. The tools they use to trick users into handing over passwords have been carefully updated to feel legitimate to users. One tool even has a Help Desk, if you can believe that! And it\u2019s working. Many users don\u2019t even realize they\u2019ve given up their password. Bad actors can focus on usability because the economics of hacking are cheap. They don\u2019t have to be present to interrupt a sign-in, and they only need <strong><em>one<\/em><\/strong> password to gain access and move laterally to increase privileges. They don\u2019t need a high success rate to achieve a good payoff, which allows them to take the time to get it right. They use that time to research companies for good targets and improve the user experience of their phishing attempts.<\/p>\n<p>Yubico understands the importance of usability and makes security tools accessible and easy to use. Our flagship product, YubiKey, was designed with these principles in mind. The YubiKey is a hardware token with a cryptographic element that supports FIDO2 standards. It is not a password storage device, nor does it contain any personal information. With traditional passwords, the server requests a password, and if the user hands over the password, the server has no way to validate if that user should have that password. With a YubiKey, the server sends a challenge to the user. The user plugs the key in and touches it to sign the challenge. It requires the user to be physically present, so it eliminates remote takeovers of accounts. 
The ability to work from anywhere in the world is what enables cybercrime.<\/p>\n<p><a href=\"https:\/\/www.microsoft.com\/security\/blog\/wp-content\/uploads\/2020\/03\/Firstline-Workers-1.png\" target=\"_blank\" rel=\"noopener noreferrer\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-90732 size-full\" src=\"https:\/\/www.microsoft.com\/security\/blog\/wp-content\/uploads\/2020\/03\/Firstline-Workers-1.png\" alt=\"\" width=\"999\" height=\"328\" srcset=\"https:\/\/www.microsoft.com\/security\/blog\/wp-content\/uploads\/2020\/03\/Firstline-Workers-1.png 999w, https:\/\/www.microsoft.com\/security\/blog\/wp-content\/uploads\/2020\/03\/Firstline-Workers-1-300x98.png 300w, https:\/\/www.microsoft.com\/security\/blog\/wp-content\/uploads\/2020\/03\/Firstline-Workers-1-768x252.png 768w\" sizes=\"auto, (max-width: 999px) 100vw, 999px\" \/><\/a><\/p>\n<p>&nbsp;<\/p>\n<p>Equally important is its simplicity. Users don\u2019t need to find a code on a separate device or remember complicated passwords or a PIN. The same key can be used across all their devices and accounts, and you can attach it to a keychain. (<a href=\"https:\/\/www.youtube.com\/watch?v=wl479T2t6eo\" target=\"_blank\" rel=\"noopener noreferrer\">Take a look at this video to see it in action<\/a>.)<\/p>\n<h3>Transform the Firstline Worker experience, securely<\/h3>\n<p>The biggest opportunity for the Azure AD and YubiKey integration to make a real difference is with Firstline Workers. Firstline Workers are more than 2 billion people worldwide who work in service- or task-oriented roles across industries such as retail, hospitality, travel, and manufacturing. They are often mobile, and many serve as the first touchpoint with your customers. Incredibly important to your business, they have been underserved by the cloud revolution. Firstline Workers typically aren\u2019t issued a computer, and the computers they do use may not have a lot of connectivity. 
This makes it difficult to stay connected to corporate communications or interact digitally with coworkers. It can also prevent them from efficiently doing their jobs. For example, it can be challenging to serve customers if an employee needs to sign into an available computer to answer a question.<\/p>\n<p><a href=\"https:\/\/www.microsoft.com\/security\/blog\/wp-content\/uploads\/2020\/03\/Firstline-Workers-2.jpg\" target=\"_blank\" rel=\"noopener noreferrer\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-90733 size-full\" src=\"https:\/\/www.microsoft.com\/security\/blog\/wp-content\/uploads\/2020\/03\/Firstline-Workers-2.jpg\" alt=\"\" width=\"700\" height=\"467\" srcset=\"https:\/\/www.microsoft.com\/security\/blog\/wp-content\/uploads\/2020\/03\/Firstline-Workers-2.jpg 700w, https:\/\/www.microsoft.com\/security\/blog\/wp-content\/uploads\/2020\/03\/Firstline-Workers-2-300x200.jpg 300w, https:\/\/www.microsoft.com\/security\/blog\/wp-content\/uploads\/2020\/03\/Firstline-Workers-2-293x195.jpg 293w\" sizes=\"auto, (max-width: 700px) 100vw, 700px\" \/><\/a><\/p>\n<p><em>One call center reduced the steps to sign in from 13 steps to six\u2014that\u2019s a 60 percent reduction.<\/em><\/p>\n<p>There are a lot of hidden costs to password resets. To reduce this time, Firstline Worker passwords often never change. They have developed the same familiar bad habits as office workers: they write down passwords or reuse the same one across multiple sites. Lurking in the wings are the bad actors who just need <strong><em>one<\/em><\/strong> password to infiltrate your organization.<\/p>\n<p>YubiKey reduces that risk and empowers your Firstline Workers. With a YubiKey users can easily move from device to device. This can dramatically improve the work experience. It also drives better business outcomes. One call center that implemented YubiKey authentication cut its sign-in process from 13 steps to six\u2014that\u2019s a 60 percent reduction. 
Reducing time spent signing in can drive huge cost reductions.<\/p>\n<p>The Azure AD and YubiKey integration can support your digital transformation goals in the field. Firstline Workers will easily access the information they need whether that is for customer service or building new products\u2014with significantly less risk of an account takeover.<\/p>\n<h3>Transition your hybrid environment to passwordless<\/h3>\n<p>YubiKey is a good fit for companies that are invested in Microsoft technology because the device includes several generations of solutions. It works with legacy applications (we can protect anything from Windows XP on up) and cloud solutions like Azure and Office 365. It can support one-time passwords (OTP) with Active Directory or <a href=\"https:\/\/www.yubico.com\/services-with-yubikey\/smart-card\/\" target=\"_blank\" rel=\"noopener noreferrer\">smart card capabilities<\/a>. If you use Active Directory Federation Services to authenticate, there is a plugin that integrates with on-premises. It\u2019s also compatible with cloud-based authentication, and we are working with Microsoft on integration with Azure Active Directory. 
Our latest YubiKey 5 Series supports the following authentication technologies:<\/p>\n<ul>\n<li>FIDO2<\/li>\n<li>U2F<\/li>\n<li>PIV<\/li>\n<li>Yubico OTP<\/li>\n<li>OATH HOTP<\/li>\n<\/ul>\n<p>As a first step towards passwordless, no matter your environment, start by implementing multi-factor authentication (MFA) everywhere, using the YubiKey as a hardware-based backup to a username and password.<\/p>\n<h3>Learn more<\/h3>\n<p>Yubico is committed to developing new technology to help users trust what they are doing online. We are working with Microsoft to build the latest and greatest into Azure AD. Join us at one of our co-hosted <a href=\"https:\/\/www.yubico.com\/esa-workshops\/\" target=\"_blank\" rel=\"noopener noreferrer\">workshops<\/a> with Microsoft where we will walk you through how you can plan your journey towards eliminating passwords.<\/p>\n<p>Read <a href=\"https:\/\/techcommunity.microsoft.com\/t5\/azure-active-directory-identity\/public-preview-of-azure-ad-support-for-fido2-security-keys-in\/ba-p\/1187929\" target=\"_blank\" rel=\"noopener noreferrer\">Alex Simons\u2019 blog announcement<\/a> about Azure Active Directory support for FIDO2 security keys. For more information on Microsoft Security solutions, visit <a href=\"https:\/\/www.microsoft.com\/en-us\/security\/business\" target=\"_blank\" rel=\"noopener noreferrer\">https:\/\/www.microsoft.com\/en-us\/security\/business<\/a>.<\/p>\n<p>The post <a rel=\"nofollow\" href=\"https:\/\/www.microsoft.com\/security\/blog\/2020\/03\/12\/empower-firstline-workers-azure-ad-yubikey-passwordless-authentication\/\">Empower Firstline Workers with Azure AD and YubiKey passwordless authentication<\/a> appeared first on <a rel=\"nofollow\" href=\"https:\/\/www.microsoft.com\/security\/blog\/\">Microsoft Security<\/a>.<\/p>\n<p><a href=\"https:\/\/www.microsoft.com\/security\/blog\/2020\/03\/12\/empower-firstline-workers-azure-ad-yubikey-passwordless-authentication\/\" target=\"bwo\" 
>https:\/\/blogs.technet.microsoft.com\/mmpc\/feed\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p><strong>Credit to Author: Todd VanderArk| Date: Thu, 12 Mar 2020 16:00:37 +0000<\/strong><\/p>\n<p>The integration of FIDO2-based YubiKeys and Azure Active Directory (Azure AD) is a game changer.<\/p>\n<p>The post <a rel=\"nofollow\" href=\"https:\/\/www.microsoft.com\/security\/blog\/2020\/03\/12\/empower-firstline-workers-azure-ad-yubikey-passwordless-authentication\/\">Empower Firstline Workers with Azure AD and YubiKey passwordless authentication<\/a> appeared first on <a rel=\"nofollow\" href=\"https:\/\/www.microsoft.com\/security\/blog\/\">Microsoft Security<\/a>.<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10759,10378],"tags":[21500,21872,22745],"class_list":["post-17979","post","type-post","status-publish","format-standard","hentry","category-microsoft","category-security","tag-azure-security","tag-identity-and-access-management","tag-microsoft-intelligent-security-association-misa"],"_links":{"self":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/17979","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=17979"}],"version-history":[{"count":0,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/17979\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=17979"}]
,"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=17979"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=17979"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}